lmfwc_rest_cannot_view Error 401

  • Hi to everyone,

    This is a nice plugin which I hope to use for my software, but I am stacked with a problem when trying to validate a key. I carefully tried everything found in the related post about the same problem, including the USER_AGENT parameter which seemed to solve it in the past, but doesn’t work for me, even if I deactivate Wordfence security plugin.

    $url = “https://mydom.com/wp-json/lmfwc/v2/licenses/validate/”. $id . “?consumer_key=” . $ck . “&consumer_secret=” . $cs;

    $ch = curl_init();

    curl_setopt_array($ch, array(
    CURLOPT_URL => $url,
    CURLOPT_USERAGENT => $_SERVER[‘HTTP_USER_AGENT’],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => “”,
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => false,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => “GET”,
    ));

    Postman also returns the same:

    {
    “code”: “lmfwc_rest_cannot_view”,
    “message”: “Sorry, you cannot view this resource.”,
    “data”: {
    “status”: 401
    }
    }

    My site is running php 7.0.22. WP 5.7.1. Enfold theme.
    I will be very grateful if anyone could help.

    Thanks,

    Kim

    The page I need help with: [log in to see the link]

Viewing 10 replies - 1 through 10 (of 10 total)

  • Hello @kimherrero

    Do you still need help with this issue or have you managed to solve it by now?

    Thread Starter kimherrero

    (@kimherrero)

    Hi Drazen, I’ve been out of this for some days. Let me retake it and I tell you.
    Thank you very much for your interest.

    Best regards,

    Kim

    @kimherrero

    Sure thing, let me know if I can help.

    Thread Starter kimherrero

    (@kimherrero)

    Hi again, Drazen

    I am still getting {“code”:”lmfwc_rest_cannot_view”,”message”:”Sorry, you cannot view this resource.”,”data”:{“status”:401}}

    I am using Postman, with Get call and following headers:
    Host : <calculated when request is sent>
    User-Agent : PostmanRuntime/7.28.0
    Accept : */*
    Accept-Encoding : gzip, deflate, br
    Connection : keep-alive

    https://domain.com/wp-json/lmfwc/v2/licenses/validate/016D5030-2DB432B2-891F1D79-FE80964A?consumer_key=ck_x&consumer_secret=cs_x

    I should say that I have the wordfence security plugin running. I can see the postman call in the Live traffic list when set to “All traffic” but it doesn’t appear when set to “Security only”.

    Based on the code response, I think LM is blocking the resource, but I have really no idea about how to proceed.

    Any help would be highly appreciated!!

    Thanks to all,

    Kim

    Hello @kimherrero

    Can you try disabling the Wordfence security to plugin to make sure that it’s not causing any issues?

    Thread Starter kimherrero

    (@kimherrero)

    Hi Drazen,

    I completely removed wordfence and still receiving the same error message. I have installed another security plugin WP Cerber, that allow to easily whitelist namespaces and monitor traffic.

    I have created a new easy key 12345 to validate and of course ck & cs are correct.
    From there I can see that the final result to /wp-json/lmfwc/v2/licenses/validate/12345?consumer_key={}&consumer_secret={} is 401 / Unauthorized, even it is a whitelisted ip & namespace.

    Here are the headers, what surprises me is that REDIRECT_SCRIPT_URI is correct and REDIRECT_STATUS = 200. So why this ends up in a 401 error?

    Kind regards and thank you so much.

    Kim

    HTTP_USER_AGENT Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    PHP_SELF /index.php
    QUERY_STRING consumer_key={}&consumer_secret={}
    REDIRECT_HTTPS on
    REDIRECT_HTTP_AUTHORIZATION
    REDIRECT_QUERY_STRING consumer_key={}&consumer_secret={}
    REDIRECT_SCRIPT_URI https://domain.com/wp-json/lmfwc/v2/licenses/validate/12345
    REDIRECT_SCRIPT_URL /wp-json/lmfwc/v2/licenses/validate/12345
    REDIRECT_SSL_TLS_SNI domain.com
    REDIRECT_STATUS 200
    REDIRECT_UNIQUE_ID YNGib6e9Jz@xSiMmP@CBcAAAAM4
    REDIRECT_URL /wp-json/lmfwc/v2/licenses/validate/12345
    REMOTE_ADDR 37.14.153.61
    REMOTE_PORT 60181
    REQUEST_METHOD GET`

    @kimherrero

    Very strange… Please send me screenshots from POSTMAN:

    1. Request body
    2. Request headers
    3. Request URL

    We’ll go from there.

    Also: Please make sure that your API keys are assigned to an administrator, it will only work with users who have the manage_options capability, which usually is the administrator.

    Thread Starter kimherrero

    (@kimherrero)

    Hello Drazen, yes API keys belong to an admin.

    Here is the screenshot:

    Postman screenshot

    Would you accept me to add you to the Postman workspace instead of sending all the headers that I can’t copy easily? Is that ok to you?

    Thank you very much,

    Kim

    Thread Starter kimherrero

    (@kimherrero)

    Hi Drazen,

    I have updated WP to php 7.4. Deleted LM and reinstall again and now works.
    Installed Wordfence again and still works.

    Thank you very much for your time & dedication.

    Kim

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘lmfwc_rest_cannot_view Error 401’ is closed to new replies.